How to display HTTP Headers via Tcpdump

Syntax

To display the HTTP Headers using just tcpdump the following syntax can be used :

root@webserver1 ~]#  tcpdump -vvvs 1024 -l -A host  www.fir3net.com

Example

[root@webserver1 ~]# tcpdump -vvvs 1024 -l -A host www.fir3net.com
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1024 bytes
19:51:57.742793 IP (tos 0x0, ttl 64, id 39410, offset 0, flags [DF], proto: TCP (6), length: 208) webserver1.55355 > web160.extendcp.co.uk.http: P, cksum 0x4ce6 (incorrect (-> 0x29e9), 1:157(156) ack 1 win 183
E…..@.@.T…..O.(..;.P.B.<..w3….L……
!y>.5…HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: www.fir3net.com
Accept: */*

19:51:57.747162 IP (tos 0x0, ttl 56, id 40702, offset 0, flags [DF], proto: TCP (6), length: 52) web160.extendcp.co.uk.http > webserver1.55355: ., cksum 0xdeb4 (correct), 1:1(0) ack 157 win 1448
E..4..@.8.W.O.(……P.;..w3.B………….
5…!y>.
19:51:58.581168 IP (tos 0x0, ttl 56, id 40704, offset 0, flags [DF], proto: TCP (6), length: 475) web160.extendcp.co.uk.http > webserver1.55355: P, cksum 0xdd93 (correct), 1:424(423) ack 157 win 1448
E…..@.8.U.O.(……P.;..w3.B………….
5…!y>.HTTP/1.1 200 OK
Date: Mon, 26 Sep 2011 19:51:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 76a7b8dc15e4f0021ca24944dc631ff9=7bg357jeia0soqojvkj6iejhg5; path=/
Last-Modified: Mon, 26 Sep 2011 19:51:58 GMT
Content-Type: text/html; charset=utf-8

Note

To view the entire page /data payload the snap size switch (of 1500) is used.

root@webserver1 ~]#  tcpdump -vvvs 1500 -l -A host  www.fir3net.com

Rick Donato

Want to become a Linux expert?

Here is our hand-picked selection of the best courses you can find online:
Linux Mastery course
Linux Administration Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial